E-MailRelay
gssl.h
Go to the documentation of this file.
1//
2// Copyright (C) 2001-2024 Graeme Walker <graeme_walker@users.sourceforge.net>
3//
4// This program is free software: you can redistribute it and/or modify
5// it under the terms of the GNU General Public License as published by
6// the Free Software Foundation, either version 3 of the License, or
7// (at your option) any later version.
8//
9// This program is distributed in the hope that it will be useful,
10// but WITHOUT ANY WARRANTY; without even the implied warranty of
11// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12// GNU General Public License for more details.
13//
14// You should have received a copy of the GNU General Public License
15// along with this program. If not, see <http://www.gnu.org/licenses/>.
16// ===
17///
18/// \file gssl.h
19///
20/// An interface to an underlying TLS library.
21///
22
23#ifndef G_SSL_H
24#define G_SSL_H
25
26#include "gdef.h"
27#include "gstringarray.h"
28#include "gstringview.h"
29#include "gexception.h"
30#include "greadwrite.h"
31#include <string>
32#include <memory>
33#include <utility>
34
35namespace GSsl
36{
37 class Library ;
38 class Profile ;
39 class Protocol ;
40 class Digester ;
41 class LibraryImpBase ;
42 class ProtocolImpBase ;
43 class DigesterImpBase ;
44}
45
46//| \class GSsl::Protocol
47/// A TLS protocol class. A protocol object should be constructed for each
48/// secure socket. The Protocol::connect() and Protocol::accept() methods
49/// are used to link the connection's i/o methods with the Protocol object.
50/// Event handling for the connection is performed by the client code
51/// according to the result codes from read(), write(), connect() and
52/// accept().
53///
54/// Client code will generally need separate states to reflect an incomplete
55/// read(), write(), connect(), accept() or shutdown() in order that they can
56/// be retried. The distinction between a return code of Result::read or
57/// Result::write should dictate whether the connection is put into the event
58/// loop's read list or write list but it should not influence the resulting
59/// state; in each state socket read events and write events can be handled
60/// identically, by retrying the incomplete function call.
61///
62/// The protocol is half-duplex in the sense that it is not possible to read()
63/// data while a write() is incomplete or write() data while a read() is
64/// incomplete. (Nor is it allowed to issue a second call while the first is
65/// still incomplete.)
66///
68{
69public:
70 enum class Result // Result enumeration for GSsl::Protocol i/o methods.
71 {
72 ok ,
73 read ,
74 write ,
75 error ,
76 more
77 } ;
78
79 explicit Protocol( const Profile & , const std::string & peer_certificate_name = {} ,
80 const std::string & peer_host_name = {} ) ;
81 ///< Constructor.
82 ///<
83 ///< The optional "peer-certificate-name" parameter is used as an
84 ///< additional check on the peer certificate. In the simplest case
85 ///< a client passes the server's domain name and this is checked for
86 ///< an exact match against the certificate's subject CNAME (eg.
87 ///< "CN=*.example.com"). A valid CA database is required. If the
88 ///< peer-certificate-name parameter is empty then a default value
89 ///< is taken from the profile (see Library::addProfile()).
90 ///<
91 ///< The optional "peer-host-name" parameter is included in the
92 ///< TLS handshake to indicate the required peer hostname. This
93 ///< is typcially used by clients for server-name-identification
94 ///< (SNI) when connecting to virtual hosts, allowing servers to
95 ///< assume the appropriate identity. If the peer-host-name
96 ///< parameter is empty then a default value is taken from the
97 ///< profile (see Library::addProfile()).
98 ///<
99 ///< Some underlying libraries treat peer-certificate-name and
100 ///< peer-host-name to be the same, using wildcard matching of
101 ///< the certificate CNAME against the peer-host-name.
102
104 ///< Destructor.
105
106 Result connect( G::ReadWrite & io ) ;
107 ///< Starts the protocol actively (as a client).
108
109 Result accept( G::ReadWrite & io ) ;
110 ///< Starts the protocol passively (as a server).
111
112 Result shutdown() ;
113 ///< Initiates the protocol shutdown by sending a "close notify
114 ///< shutdown alert" and does a socket shutdown once the alert
115 ///< is fully sent.
116
117 Result read( char * buffer , std::size_t buffer_size_in , ssize_t & data_size_out ) ;
118 ///< Reads user data into the supplied buffer.
119 ///<
120 ///< Returns Result::read if there is not enough transport data to
121 ///< complete the internal TLS data packet. In this case the file
122 ///< descriptor should remain in the select() read list and the
123 ///< Protocol::read() should be retried using the same parameters
124 ///< once the file descriptor is ready to be read.
125 ///<
126 ///< Returns Result::write if the TLS layer tried to write to the
127 ///< file descriptor and had flow control asserted. In this case
128 ///< the file descriptor should be added to the select() write
129 ///< list and the Protocol::read() should be retried using the
130 ///< same parameters once the file descriptor is ready to be
131 ///< written.
132 ///<
133 ///< Returns Result::ok if the internal TLS data packet is complete
134 ///< and it has been completely deposited in the supplied buffer.
135 ///<
136 ///< Returns Result::more if the internal TLS data packet is complete
137 ///< and the supplied buffer was too small to take it all. In this
138 ///< case there will be no read event to trigger more read()s so
139 ///< call read() again imediately.
140 ///<
141 ///< Returns Result::error if the transport connnection was lost
142 ///< or if the TLS session was shut down by the peer or if there
143 ///< was an error.
144
145 Result write( const char * buffer , std::size_t data_size_in , ssize_t & data_size_out ) ;
146 ///< Writes user data.
147 ///<
148 ///< Returns Result::ok if fully sent.
149 ///<
150 ///< Returns Result::read if the TLS layer needs more transport
151 ///< data (eg. for a renegotiation). The write() should be repeated
152 ///< using the same parameters on the file descriptor's next
153 ///< readable event.
154 ///<
155 ///< Returns Result::write if the TLS layer was blocked in
156 ///< writing transport data. The write() should be repeated
157 ///< using the same parameters on the file descriptor's next
158 ///< writable event.
159 ///<
160 ///< Never returns Result::more.
161 ///<
162 ///< Returns Result::error if the transport connnection was lost
163 ///< or if the TLS session was shut down by the peer or on error.
164
165 static std::string str( Result result ) ;
166 ///< Converts a result enumeration into a printable string.
167 ///< Used in logging and diagnostics.
168
169 std::string peerCertificate() const ;
170 ///< Returns the peer certificate in PEM format. This can be
171 ///< interpreted using "openssl x509 -in ... -noout -text".
172
173 std::string cipher() const ;
174 ///< Returns the cipher name, or the empty string if not
175 ///< yet available.
176
177 std::string protocol() const ;
178 ///< Returns the protocol version like "TLSv1.2" or the empty
179 ///< string.
180
181 bool verified() const ;
182 ///< Returns true if the peer certificate has been verified.
183
184 std::string peerCertificateChain() const ;
185 ///< Returns the peer certificate chain in PEM format, starting
186 ///< with the peer certificate and progressing towards the
187 ///< root CA.
188 ///<
189 ///< This is not supported by all underlying TLS libraries; the
190 ///< returned string may be just the peerCertificate().
191
192public:
193 Protocol( const Protocol & ) = delete ;
194 Protocol( Protocol && ) = delete ;
195 Protocol & operator=( const Protocol & ) = delete ;
196 Protocol & operator=( Protocol && ) = delete ;
197
198private:
199 std::unique_ptr<ProtocolImpBase> m_imp ;
200} ;
201
202//| \class GSsl::Digester
203/// A class for objects that can perform a cryptographic hash.
204/// Instances are created by the Library::digester() factory
205/// method and can then be copied around.
206///
207/// Use add() one or more times, then call either state() or
208/// value() and discard. The state() string can be passed in
209/// to the Library factory method to get the digest to start
210/// from the intermediate state. However, the statesize() method
211/// returns zero if intermediate state is not supported
212/// by the underlying library.
213///
215{
216public:
217 explicit Digester( std::unique_ptr<DigesterImpBase> ) ;
218 ///< Constructor, used by the Library class.
219
220 std::size_t blocksize() const noexcept ;
221 ///< Returns the hash function's block size in bytes.
222
223 std::size_t valuesize() const noexcept ;
224 ///< Returns the hash function's value size in bytes.
225
226 std::size_t statesize() const noexcept ;
227 ///< Returns the size of the state() string in bytes,
228 ///< or zero if state() is not implemented.
229
230 void add( std::string_view ) ;
231 ///< Adds data of arbitrary size.
232
233 std::string state() ;
234 ///< Returns the intermediate state. The state string can be
235 ///< persisted and reused across different implementations, so
236 ///< it is standardised as some number of 32-bit little-endian
237 ///< values making up valuesize() bytes, followed by one
238 ///< 32-bit little-endian value holding the total add()ed
239 ///< size.
240
241 std::string value() ;
242 ///< Returns the hash value.
243
244private:
245 std::shared_ptr<DigesterImpBase> m_imp ;
246} ;
247
248//| \class GSsl::Library
249/// A singleton class for initialising the underlying TLS library.
250/// The library is configured with one or more named "profiles", and
251/// Protocol objects are constructed with reference to a particular
252/// profile. Typical profile names are "server" and "client".
253///
255{
256public:
257 G_EXCEPTION( NoInstance , tx("no tls library object") )
258 G_EXCEPTION( BadProfileName , tx("invalid tls profile name") )
259 using LogFn = void (*)(int, const std::string &) ;
260
261 explicit Library( bool active = true , const std::string & library_config = {} ,
262 LogFn = Library::log , bool verbose = true ) ;
263 ///< Constructor.
264 ///<
265 ///< The 'active' parameter can be set to false as an optimisation if the
266 ///< library is not going to be used; calls to addProfile() will do
267 ///< nothing, calls to hasProfile() will return false, and calls to
268 ///< profile() will throw.
269 ///<
270 ///< The library-config parameter should be empty by default; the format
271 ///< and interpretation are undefined at this interface.
272
273 ~Library() ;
274 ///< Destructor. Cleans up the underlying TLS library.
275
276 static void log( int level , const std::string & line ) ;
277 ///< The default logging callback function, where the level is 1 for
278 ///< debug, 2 for info, 3 for warnings, and 4 for errors. There
279 ///< will be no level 1 logging if the constructor's 'verbose'
280 ///< flag was false.
281
282 static Library * instance() ;
283 ///< Returns a pointer to a library object, if any.
284
285 void addProfile( const std::string & profile_name , bool is_server_profile ,
286 const std::string & key_file = {} , const std::string & cert_file = {} ,
287 const std::string & ca_path = {} ,
288 const std::string & default_peer_certificate_name = {} ,
289 const std::string & default_peer_host_name = {} ,
290 const std::string & profile_config = {} ) ;
291 ///< Creates a named Profile object that can be retrieved by profile().
292 ///<
293 ///< A typical application will have two profiles named "client" and "server".
294 ///< The "is-server-profile" flag indicates whether Protocol::connect()
295 ///< or Protocol::accept() will be used.
296 ///<
297 ///< The "key-file" and "cert-file" parameters point to a PEM files containing
298 ///< our own key and certificate, and this can be the same file if it contains
299 ///< both. These are required if acting as a server, but if not supplied
300 ///< this method will succeed with the failures occuring in any subsequent
301 ///< server-side session setup.
302 ///<
303 ///< The "ca-path" parameter points to a file or directory containing a
304 ///< database of CA certificates used for peer certificate verification.
305 ///< If this is "<none>" then a server will not ask its client for a
306 ///< certificate; if it is empty then the peer certificate will be requested,
307 ///< but the server will not require a certificate from the client, and
308 ///< any certificate received will not be not verified; if it is a file
309 ///< system path or "<default>" then a peer certificate will be required
310 ///< and it will be verified against the CA database.
311 ///<
312 ///< The "default-peer-certificate-name" parameter is used by Protocol
313 ///< objects created from this Profile in cases when the Protocol does not
314 ///< get a more specific peer-certificate-name passed in its constructor.
315 ///<
316 ///< Similarly the "default-peer-host-name" is used by Protocol objects
317 ///< if they do not get a more specific peer-host-name in their constructor.
318 ///<
319 ///< The "profile-config" parameter is used for any additional configuration
320 ///< items; the format and interpretation are undefined at this interface.
321
322 bool hasProfile( const std::string & profile_name ) const ;
323 ///< Returns true if the named profile has been add()ed.
324
325 const Profile & profile( const std::string & profile_name ) const ;
326 ///< Returns an opaque reference to the named profile. The profile
327 ///< can be used to construct a protocol instance.
328
329 bool enabled() const ;
330 ///< Returns true if this is a real TLS library and the constructor's active
331 ///< parameter was set.
332
333 std::string id() const ;
334 ///< Returns the TLS library name and version.
335
336 static LibraryImpBase & impstance() ;
337 ///< Returns a reference to the pimple object when enabled(). Used in
338 ///< implementations. Throws if none.
339
340 static bool real() ;
341 ///< Returns true if this is a real TLS library.
342
343 static std::string credit( const std::string & prefix , const std::string & eol , const std::string & eot ) ;
344 ///< Returns a multi-line library credit for all available TLS libraries.
345
346 static std::string ids() ;
347 ///< Returns a concatenation of all available TLS library names and versions.
348
349 static bool enabledAs( const std::string & profile_name ) ;
350 ///< A static convenience function that returns true if there is an
351 ///< enabled() Library instance() that has the named profile.
352
353 static G::StringArray digesters( bool need_state = false ) ;
354 ///< Returns a list of hash function names (such as "MD5") that the TLS
355 ///< library can do, ordered roughly from strongest to weakest. Returns
356 ///< the empty list if there is no Library instance. If the boolean
357 ///< parameter is true then the returned list is limited to those
358 ///< hash functions that can generate and be initialised with an
359 ///< intermediate state.
360
361 Digester digester( const std::string & name , const std::string & state = {} , bool need_state = false ) const ;
362 ///< Returns a digester object.
363
364public:
365 Library( const Library & ) = delete ;
366 Library( Library && ) = delete ;
367 Library & operator=( const Library & ) = delete ;
368 Library & operator=( Library && ) = delete ;
369
370private:
371 const LibraryImpBase & imp() const ;
372 LibraryImpBase & imp() ;
373 static std::unique_ptr<LibraryImpBase> newLibraryImp( G::StringArray & , Library::LogFn , bool ) ;
374
375private:
376 static Library * m_this ;
377 std::unique_ptr<LibraryImpBase> m_imp ;
378} ;
379
380//| \class GSsl::LibraryImpBase
381/// A base interface for GSsl::Library pimple classes. A common base allows
382/// for multiple TLS libraries to be built in and then selected at run-time.
383///
385{
386public:
387 virtual ~LibraryImpBase() = default ;
388 ///< Destructor.
389
390 virtual std::string id() const = 0 ;
391 ///< Implements Library::id().
392
393 virtual void addProfile( const std::string & , bool , const std::string & , const std::string & ,
394 const std::string & , const std::string & , const std::string & , const std::string & ) = 0 ;
395 ///< Implements Library::addProfile().
396
397 virtual bool hasProfile( const std::string & profile_name ) const = 0 ;
398 ///< Implements Library::hasProfile().
399
400 virtual const Profile & profile( const std::string & profile_name ) const = 0 ;
401 ///< Implements Library::profile().
402
403 virtual G::StringArray digesters( bool ) const = 0 ;
404 ///< Implements Library::digesters().
405
406 virtual Digester digester( const std::string & , const std::string & , bool ) const = 0 ;
407 ///< Implements Library::digester().
408
409 static bool consume( G::StringArray & list , std::string_view item ) ;
410 ///< A convenience function that removes the item from
411 ///< the list and returns true iff is was removed.
412} ;
413
414//| \class GSsl::Profile
415/// A base interface for profile classes that work with concrete classes
416/// derived from GSsl::LibraryImpBase and GSsl::ProtocolImpBase.
417///
419{
420public:
421 virtual ~Profile() = default ;
422 ///< Destructor.
423
424 virtual std::unique_ptr<ProtocolImpBase> newProtocol( const std::string & , const std::string & ) const = 0 ;
425 ///< Factory method for a new Protocol object.
426} ;
427
428//| \class GSsl::ProtocolImpBase
429/// A base interface for GSsl::Protocol pimple classes.
430///
432{
433public:
434 virtual ~ProtocolImpBase() = default ;
435 ///< Destructor.
436
437 virtual Protocol::Result connect( G::ReadWrite & ) = 0 ;
438 ///< Implements Protocol::connect().
439
440 virtual Protocol::Result accept( G::ReadWrite & ) = 0 ;
441 ///< Implements Protocol::accept().
442
443 virtual Protocol::Result shutdown() = 0 ;
444 ///< Implements Protocol::shutdown().
445
446 virtual Protocol::Result read( char * , std::size_t , ssize_t & ) = 0 ;
447 ///< Implements Protocol::read().
448
449 virtual Protocol::Result write( const char * , std::size_t , ssize_t & ) = 0 ;
450 ///< Implements Protocol::write().
451
452 virtual std::string peerCertificate() const = 0 ;
453 ///< Implements Protocol::peerCertificate().
454
455 virtual std::string peerCertificateChain() const = 0 ;
456 ///< Implements Protocol::peerCertificateChain().
457
458 virtual std::string cipher() const = 0 ;
459 ///< Implements Protocol::cipher().
460
461 virtual std::string protocol() const = 0 ;
462 ///< Implements Protocol::protocol().
463
464 virtual bool verified() const = 0 ;
465 ///< Implements Protocol::verified().
466} ;
467
468//| \class GSsl::DigesterImpBase
469/// A base interface for GSsl::Digester pimple classes.
470///
472{
473public:
474 virtual ~DigesterImpBase() = default ;
475 ///< Destructor.
476
477 virtual void add( std::string_view ) = 0 ;
478 ///< Implements Digester::add().
479
480 virtual std::string value() = 0 ;
481 ///< Implements Digester::value().
482
483 virtual std::string state() = 0 ;
484 ///< Implements Digester::state().
485
486 virtual std::size_t blocksize() const noexcept = 0 ;
487 ///< Implements Digester::blocksize().
488
489 virtual std::size_t valuesize() const noexcept = 0 ;
490 ///< Implements Digester::valuesize().
491
492 virtual std::size_t statesize() const noexcept = 0 ;
493 ///< Implements Digester::statesize().
494} ;
495
496#endif
A base interface for GSsl::Digester pimple classes.
Definition: gssl.h:472
virtual std::string state()=0
Implements Digester::state().
virtual std::size_t blocksize() const noexcept=0
Implements Digester::blocksize().
virtual std::size_t statesize() const noexcept=0
Implements Digester::statesize().
virtual std::size_t valuesize() const noexcept=0
Implements Digester::valuesize().
virtual ~DigesterImpBase()=default
Destructor.
virtual std::string value()=0
Implements Digester::value().
virtual void add(std::string_view)=0
Implements Digester::add().
A class for objects that can perform a cryptographic hash.
Definition: gssl.h:215
std::string value()
Returns the hash value.
Definition: gssl.cpp:228
std::size_t statesize() const noexcept
Returns the size of the state() string in bytes, or zero if state() is not implemented.
Definition: gssl.cpp:248
std::string state()
Returns the intermediate state.
Definition: gssl.cpp:233
void add(std::string_view)
Adds data of arbitrary size.
Definition: gssl.cpp:223
std::size_t blocksize() const noexcept
Returns the hash function's block size in bytes.
Definition: gssl.cpp:238
std::size_t valuesize() const noexcept
Returns the hash function's value size in bytes.
Definition: gssl.cpp:243
Digester(std::unique_ptr< DigesterImpBase >)
Constructor, used by the Library class.
Definition: gssl.cpp:218
A base interface for GSsl::Library pimple classes.
Definition: gssl.h:385
virtual ~LibraryImpBase()=default
Destructor.
virtual bool hasProfile(const std::string &profile_name) const =0
Implements Library::hasProfile().
virtual const Profile & profile(const std::string &profile_name) const =0
Implements Library::profile().
virtual Digester digester(const std::string &, const std::string &, bool) const =0
Implements Library::digester().
virtual std::string id() const =0
Implements Library::id().
static bool consume(G::StringArray &list, std::string_view item)
A convenience function that removes the item from the list and returns true iff is was removed.
Definition: gssl.cpp:255
virtual G::StringArray digesters(bool) const =0
Implements Library::digesters().
virtual void addProfile(const std::string &, bool, const std::string &, const std::string &, const std::string &, const std::string &, const std::string &, const std::string &)=0
Implements Library::addProfile().
A singleton class for initialising the underlying TLS library.
Definition: gssl.h:255
static bool enabledAs(const std::string &profile_name)
A static convenience function that returns true if there is an enabled() Library instance() that has ...
Definition: gssl.cpp:97
bool hasProfile(const std::string &profile_name) const
Returns true if the named profile has been add()ed.
Definition: gssl.cpp:85
static Library * instance()
Returns a pointer to a library object, if any.
Definition: gssl.cpp:58
std::string id() const
Returns the TLS library name and version.
Definition: gssl.cpp:69
static LibraryImpBase & impstance()
Returns a reference to the pimple object when enabled().
Definition: gssl.cpp:102
static std::string credit(const std::string &prefix, const std::string &eol, const std::string &eot)
Returns a multi-line library credit for all available TLS libraries.
Definition: gssl_none.cpp:85
static bool real()
Returns true if this is a real TLS library.
Definition: gssl.cpp:52
Library(bool active=true, const std::string &library_config={}, LogFn=Library::log, bool verbose=true)
Constructor.
Definition: gssl.cpp:30
static std::string ids()
Returns a concatenation of all available TLS library names and versions.
Definition: gssl_none.cpp:90
void addProfile(const std::string &profile_name, bool is_server_profile, const std::string &key_file={}, const std::string &cert_file={}, const std::string &ca_path={}, const std::string &default_peer_certificate_name={}, const std::string &default_peer_host_name={}, const std::string &profile_config={})
Creates a named Profile object that can be retrieved by profile().
Definition: gssl.cpp:75
const Profile & profile(const std::string &profile_name) const
Returns an opaque reference to the named profile.
Definition: gssl.cpp:90
bool enabled() const
Returns true if this is a real TLS library and the constructor's active parameter was set.
Definition: gssl.cpp:63
Digester digester(const std::string &name, const std::string &state={}, bool need_state=false) const
Returns a digester object.
Definition: gssl.cpp:138
static G::StringArray digesters(bool need_state=false)
Returns a list of hash function names (such as "MD5") that the TLS library can do,...
Definition: gssl.cpp:133
~Library()
Destructor. Cleans up the underlying TLS library.
Definition: gssl.cpp:45
static void log(int level, const std::string &line)
The default logging callback function, where the level is 1 for debug, 2 for info,...
Definition: gssl.cpp:123
A base interface for profile classes that work with concrete classes derived from GSsl::LibraryImpBas...
Definition: gssl.h:419
virtual std::unique_ptr< ProtocolImpBase > newProtocol(const std::string &, const std::string &) const =0
Factory method for a new Protocol object.
virtual ~Profile()=default
Destructor.
A base interface for GSsl::Protocol pimple classes.
Definition: gssl.h:432
virtual bool verified() const =0
Implements Protocol::verified().
virtual std::string peerCertificate() const =0
Implements Protocol::peerCertificate().
virtual Protocol::Result connect(G::ReadWrite &)=0
Implements Protocol::connect().
virtual std::string cipher() const =0
Implements Protocol::cipher().
virtual ~ProtocolImpBase()=default
Destructor.
virtual Protocol::Result write(const char *, std::size_t, ssize_t &)=0
Implements Protocol::write().
virtual std::string protocol() const =0
Implements Protocol::protocol().
virtual Protocol::Result read(char *, std::size_t, ssize_t &)=0
Implements Protocol::read().
virtual std::string peerCertificateChain() const =0
Implements Protocol::peerCertificateChain().
virtual Protocol::Result accept(G::ReadWrite &)=0
Implements Protocol::accept().
virtual Protocol::Result shutdown()=0
Implements Protocol::shutdown().
A TLS protocol class.
Definition: gssl.h:68
~Protocol()
Destructor.
Result shutdown()
Initiates the protocol shutdown by sending a "close notify shutdown alert" and does a socket shutdown...
Definition: gssl.cpp:211
Result read(char *buffer, std::size_t buffer_size_in, ssize_t &data_size_out)
Reads user data into the supplied buffer.
Definition: gssl.cpp:201
Protocol(const Profile &, const std::string &peer_certificate_name={}, const std::string &peer_host_name={})
Constructor.
Definition: gssl.cpp:145
std::string cipher() const
Returns the cipher name, or the empty string if not yet available.
Definition: gssl.cpp:170
bool verified() const
Returns true if the peer certificate has been verified.
Definition: gssl.cpp:176
static std::string str(Result result)
Converts a result enumeration into a printable string.
Definition: gssl.cpp:182
std::string peerCertificateChain() const
Returns the peer certificate chain in PEM format, starting with the peer certificate and progressing ...
Definition: gssl.cpp:159
std::string protocol() const
Returns the protocol version like "TLSv1.2" or the empty string.
Definition: gssl.cpp:165
Result write(const char *buffer, std::size_t data_size_in, ssize_t &data_size_out)
Writes user data.
Definition: gssl.cpp:206
Result connect(G::ReadWrite &io)
Starts the protocol actively (as a client).
Definition: gssl.cpp:191
Result accept(G::ReadWrite &io)
Starts the protocol passively (as a server).
Definition: gssl.cpp:196
std::string peerCertificate() const
Returns the peer certificate in PEM format.
Definition: gssl.cpp:153
An abstract interface for reading and writing from a non-blocking i/o channel.
Definition: greadwrite.h:50
TLS/SSL transport layer security classes.
Definition: gssl.h:36
std::vector< std::string > StringArray
A std::vector of std::strings.
Definition: gstringarray.h:30
constexpr const char * tx(const char *p) noexcept
A briefer alternative to G::gettext_noop().
Definition: ggettext.h:84
STL namespace.